I explain the problem I was seeing (and link to the changes I make) in this topic: Redirect after logout with full screen login
The difference here is that the issue I faced only happened after logout, not during the login process (but I imagine the problem lies in a similar section of code).
This kind of change in behaviour across sessions strikes me as cookie oddness, so maybe have a look there.
I’ve sorta-kinda managed to decrypt session store cookies on live Discourse sites by copying this function into the rails console before, but it’s messy. For proper debugging I’d suggest running a dev image in docker and adding this to ApplicationController to get it to print the current session cookie on every request.
before_action :print_session_cookie
def print_session_cookie
pp session
end
I imagine you’re already doing this, but just in case you’re not, I wouldn’t rely on github search to do digging like this. I find Atom’s search (other text editors are available) far more fast and reliable.